Go-Ahead, one of the UK’s biggest bus operators, has said it is battling a cyber-attack after unearthing “unauthorized activity” on its network earlier in the week.
The company said it became aware of a network breach late on Sunday and is “currently managing a cyber security incident” to keep buses running without disruption. However, the rail business remained unaffected as it operates on separate systems and is running smoothly in the UK and abroad.
The cyber attack has affected parts of Go-Ahead’s back office systems, including the software that manages parts of its bus operations, such as driver rostering, although there was no disruption to services on Monday.
“Upon becoming aware of the incident, Go-Ahead immediately engaged external forensic specialists and has taken precautionary measures with its IT infrastructure whilst it continues to investigate the nature and extent of the incident and implement its incident response plans,” the company said in a statement on Tuesday.
The company has also notified relevant regulators of the attack, including the Information Commissioner’s Office in the UK.
The Newcastle-based transportation is one of the UK’s biggest bus operators, with networks across South, South West, London, North West, East Anglia, East Yorkshire, and its native North East. The firm also operates multiple high-capacity railway services in the UK including Great Northern, Thameslink, Gatwick Express, and Southern.
The incident occurred just weeks before Go-Ahead is due to be acquired by a consortium of Australian bus operator Kinetic Holding and Spain’s Globalvia Inversiones, backed by international pension funds. The acquisition previously estimated the value of the UK business at £669m.
Cyber attacks on governments and other entities have multiplied in recent years. There were 2.8bn known malware attacks in the first half of 2022, up by 11 percent, cyber security company SonicWall reported.
Attacks on European entities surged more rapidly than in the United States. In Europe, the total number of malware attacks grew by 23 percent compared to the first half of 2021. In the United States, the number grew by 2 percent.
"Cybercrime has been a global phenomenon for decades. But with geopolitical forces accelerating the reconfiguration of the world’s cyber front lines, the true danger presented by threat actors is coming to the fore —, particularly among those that once saw the smallest share of attacks," Bill Conner, president, and chief executive of SonicWall, stated.